How Cybercriminals Adapted to Microsoft Blocking Macros by Default

One long-awaited security move caused a ripple effect in the cybercrime ecosystem. [TechWeb]( Follow Dark Reading: [RSS]( May 15, 2023 LATEST SECURITY NEWS & COMMENTARY [How Cybercriminals Adapted to Microsoft Blocking Macros by Default]( One long-awaited security move caused a ripple effect in the cybercrime ecosystem. [WordPress Plug-in Used in 1M+ Websites Patched to Close Critical Bug]( The privilege escalation flaw is one in thousands that researchers have disclosed in recent years. ['Very Noisy': For the Black Hat NOC, It's All Malicious Traffic All the Time]( Black Hat Asia's NOC team gives a look inside what's really happening on the cyberfront during these events. [AI Is About to Be Everywhere: Where Will Regulators Be?]( Regulators should apply a healthy skepticism to generative AI developments to guarantee a competitive marketplace. [Malicious Chatbots Target Casinos in Southeast Asia]( Dubbed "ChattyGoblin," the China-backed actors use chatbots to scam Southeast Asian gambling companies. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Dragos Employee Hacked, Revealing Ransomware, Extortion Scheme]( Attackers compromised the personal email of a new employee and, when the initial attack failed, attempted through socially engineered messages to get the company to pay them off. [Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns]( New "Greatness" phishing-as-a-service used in attacks targeting manufacturing, healthcare, technology, and other sectors. [Startup Competition Secures ML Systems, Vulnerabilities in Automation]( RSA's Innovation Sandbox 2023 focused on the software supply chain, as well as attack surfaces exposed by generative AI, ML systems, and APIs. [MORE]( LATEST FROM DR GLOBAL [New Competition Focuses on Hardening Cryptosystems]( The Technology Innovation Institute’s year-long cryptographic challenges invite participants to assess the concrete hardness of McEliece public-key encryption scheme. LATEST FROM THE EDGE [Making Sure Lost Data Stays Lost]( Retired hardware and forgotten cloud virtual machines are a trove of insecure confidential data. Here's how to ameliorate that weakness. LATEST FROM DR TECHNOLOGY [Microsoft Authenticator to Enforce Number Matching]( As a way to enhance MFA security, Microsoft will require users to authorize login attempts by entering a numeric code into the Microsoft Authenticator app. WEBINARS - [Next-Generation Supply Chain Security]( Supply chain attacks are on the rise. Attackers are injecting malicious code into software and hardware components to create backdoors into the organization. As the Kaseya attack demonstrated, compromising a widely used product gives attackers privileged access into corporate networks. ... - [Building the SOC of the Future: Next-Gen Security Operations]( No matter the industry, the organization's size, or the number of security professionals on staff, organizations need to monitor their systems for potential threats and respond quickly in the event of a compromise. Many enterprises are building out or expanding ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [ESG Report: Automated Application Security Testing for Faster Development]( - [Proof-Based Scanning: No noise, just facts]( - [AppSec Best Practices: Where Speed, Security, and Innovation Meet in the Middle]( - [A Buyer's Guide to Securing Privileged Access]( - [Every Minute Matters: Real-World Incident Response Timelines In Action]( - [Cymulate Named Innovation Leader, Frost & Sullivan's - Frost Radar BAS, 2022]( - [What Are the Top and Niche Use Cases for Breach and Attack Simulation Technology?]( [View More White Papers >>]( FEATURED REPORTS - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... - [Successfully Managing Identity in Modern Cloud and Hybrid Environments]( Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Juniper Research Study Reveals Staggering Cost of Vulnerable Software Supply Chains]( [Trend Micro Reports Consistent Earnings Results for Q1 2023]( [Coalfire Compliance Report Unveils the Next Horizon in Compliance]( [Secureframe Finds 37% of Organizations Reuse Passwords for Cloud Service Providers]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)